Fix CVE-2016-10268, ref. http://bugzilla.maptools.org/show_bug.cgi?id=2598 https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df Bump PKGREVISION.diff -r1.132 -r1.133 pkgsrc/graphics/tiff/Makefile
(he)
| @@ -1,17 +1,17 @@ | @@ -1,17 +1,17 @@ | |||
| 1 | # $NetBSD: Makefile,v 1.132 2017/05/06 21:29:16 he Exp $ | 1 | # $NetBSD: Makefile,v 1.133 2017/05/06 21:37:16 he Exp $ | |
| 2 | 2 | |||
| 3 | DISTNAME= tiff-4.0.7 | 3 | DISTNAME= tiff-4.0.7 | |
| 4 | PKGREVISION= 8 | 4 | PKGREVISION= 9 | |
| 5 | CATEGORIES= graphics | 5 | CATEGORIES= graphics | |
| 6 | MASTER_SITES= ftp://download.osgeo.org/libtiff/ | 6 | MASTER_SITES= ftp://download.osgeo.org/libtiff/ | |
| 7 | 7 | |||
| 8 | MAINTAINER= pkgsrc-users@NetBSD.org | 8 | MAINTAINER= pkgsrc-users@NetBSD.org | |
| 9 | HOMEPAGE= http://simplesystems.org/libtiff/ | 9 | HOMEPAGE= http://simplesystems.org/libtiff/ | |
| 10 | COMMENT= Library and tools for reading and writing TIFF data files | 10 | COMMENT= Library and tools for reading and writing TIFF data files | |
| 11 | LICENSE= mit | 11 | LICENSE= mit | |
| 12 | 12 | |||
| 13 | EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} | 13 | EXTRACT_ONLY= ${DISTNAME}${EXTRACT_SUFX} | |
| 14 | 14 | |||
| 15 | USE_LANGUAGES= c c++ | 15 | USE_LANGUAGES= c c++ | |
| 16 | USE_LIBTOOL= yes | 16 | USE_LIBTOOL= yes | |
| 17 | GNU_CONFIGURE= yes | 17 | GNU_CONFIGURE= yes |
| @@ -1,25 +1,25 @@ | @@ -1,25 +1,25 @@ | |||
| 1 | $NetBSD: distinfo,v 1.78 2017/05/06 21:29:16 he Exp $ | 1 | $NetBSD: distinfo,v 1.79 2017/05/06 21:37:16 he Exp $ | |
| 2 | 2 | |||
| 3 | SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648 | 3 | SHA1 (tiff-4.0.7.tar.gz) = 2c1b64478e88f93522a42dd5271214a0e5eae648 | |
| 4 | RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb | 4 | RMD160 (tiff-4.0.7.tar.gz) = 582e19c31e7f29d9ed36995dcad7ad68802cbadb | |
| 5 | SHA512 (tiff-4.0.7.tar.gz) = 941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc | 5 | SHA512 (tiff-4.0.7.tar.gz) = 941357bdd5f947cdca41a1d31ae14b3fadc174ae5dce7b7981dbe58f61995f575ac2e97a7cc4fcc435184012017bec0920278263490464644f2cdfad9a6c5ddc | |
| 6 | Size (tiff-4.0.7.tar.gz) = 2076392 bytes | 6 | Size (tiff-4.0.7.tar.gz) = 2076392 bytes | |
| 7 | SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 | 7 | SHA1 (patch-configure) = a0032133f06b6ac92bbf52349fabe83f74ea14a6 | |
| 8 | SHA1 (patch-html_man_Makefile.in) = 705604e2a3065da192e7354a4a9cdcd16bd6823d | 8 | SHA1 (patch-html_man_Makefile.in) = 705604e2a3065da192e7354a4a9cdcd16bd6823d | |
| 9 | SHA1 (patch-libtiff_tif__luv.c) = c2e8ce7474119ffa02d226932ad6c8c2b230062c | 9 | SHA1 (patch-libtiff_tif__luv.c) = c2e8ce7474119ffa02d226932ad6c8c2b230062c | |
| 10 | SHA1 (patch-libtiff_tif__pixarlog.c) = ad16681cf3fcb5fded048eb70c0a93f1b6447147 | 10 | SHA1 (patch-libtiff_tif__pixarlog.c) = ad16681cf3fcb5fded048eb70c0a93f1b6447147 | |
| 11 | SHA1 (patch-libtiff_tif__strip.c) = f7dc7b24378d0541a8f3bcc3cad78ea2d6ae14d7 | 11 | SHA1 (patch-libtiff_tif__strip.c) = f7dc7b24378d0541a8f3bcc3cad78ea2d6ae14d7 | |
| 12 | SHA1 (patch-libtiff_tif_dir.c) = 28c45b95cedeebe005b44b45393d66f61e0ea6f7 | 12 | SHA1 (patch-libtiff_tif_dir.c) = 28c45b95cedeebe005b44b45393d66f61e0ea6f7 | |
| 13 | SHA1 (patch-libtiff_tif_dirread.c) = f6d442da817457d7ac801a3005e21c357ac31f8a | 13 | SHA1 (patch-libtiff_tif_dirread.c) = f6d442da817457d7ac801a3005e21c357ac31f8a | |
| 14 | SHA1 (patch-libtiff_tif_dirwrite.c) = 07ccbf8cf210b95d5ca7710cc2982368783b4dcb | 14 | SHA1 (patch-libtiff_tif_dirwrite.c) = 07ccbf8cf210b95d5ca7710cc2982368783b4dcb | |
| 15 | SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6 | 15 | SHA1 (patch-libtiff_tif_getimage.c) = 267b555c8b043d0a835db4d46ef65131776601e6 | |
| 16 | SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc | 16 | SHA1 (patch-libtiff_tif_jpeg.c) = 1049b7b243e9e145886bcac8e68e5e7889337ebc | |
| 17 | SHA1 (patch-libtiff_tif_ojpeg.c) = 6447168e952bb80a1a8272c2c27bb0ce3ccf6939 | 17 | SHA1 (patch-libtiff_tif_ojpeg.c) = 6447168e952bb80a1a8272c2c27bb0ce3ccf6939 | |
| 18 | SHA1 (patch-libtiff_tif_read.c) = 85674d2e222846e3971301ce2fb7ebe02f54b9b2 | 18 | SHA1 (patch-libtiff_tif_read.c) = 85674d2e222846e3971301ce2fb7ebe02f54b9b2 | |
| 19 | SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617 | 19 | SHA1 (patch-libtiff_tif_unix.c) = c8312771e567f90de0f77ac8eb66ed5c36e35617 | |
| 20 | SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc | 20 | SHA1 (patch-libtiff_tif_win32.c) = 1ea9dcb6618c40b9de3e8d2a81914355f2111fdc | |
| 21 | SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c | 21 | SHA1 (patch-libtiff_tiffio.h) = e0efa9e1246e07dbb3a69d626988a18f12ba9d3c | |
| 22 | SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f | 22 | SHA1 (patch-man_Makefile.in) = ff073529c9d3ab98a03efa7d98c3263c1782482f | |
| 23 | SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1 | 23 | SHA1 (patch-tools_tiff2pdf.c) = ce7a3e77c27ad3cabaa33b5da61cbd1b27f187d1 | |
| 24 | SHA1 (patch-tools_tiffcp.c) = 42573d15fc66655a09e9227213b0929238f7e651 | 24 | SHA1 (patch-tools_tiffcp.c) = bd6abd9dc6e044ff04d761d999fabfb0919ba0db | |
| 25 | SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25 | 25 | SHA1 (patch-tools_tiffcrop.c) = 1d729028fb8c05de958424234d5cc2808acc9b25 |
| @@ -1,37 +1,52 @@ | @@ -1,37 +1,52 @@ | |||
| 1 | $NetBSD: patch-tools_tiffcp.c,v 1.2 2017/05/05 20:06:03 he Exp $ | 1 | $NetBSD: patch-tools_tiffcp.c,v 1.3 2017/05/06 21:37:16 he Exp $ | |
| 2 | 2 | |||
| 3 | CVE-2017-5225 | 3 | CVE-2017-5225 | |
| 4 | http://bugzilla.maptools.org/show_bug.cgi?id=2656 | 4 | http://bugzilla.maptools.org/show_bug.cgi?id=2656 | |
| 5 | http://bugzilla.maptools.org/show_bug.cgi?id=2657 | 5 | http://bugzilla.maptools.org/show_bug.cgi?id=2657 | |
| 6 | https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 | 6 | https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7 | |
| 7 | 7 | |||
| 8 | and | 8 | and | |
| 9 | 9 | |||
| 10 | CVE-2016-10093 | 10 | CVE-2016-10093 | |
| 11 | http://bugzilla.maptools.org/show_bug.cgi?id=2610 | 11 | http://bugzilla.maptools.org/show_bug.cgi?id=2610 | |
| 12 | https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec | 12 | https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec | |
| 13 | 13 | |||
| 14 | and | |||
| 15 | ||||
| 16 | CVE-2016-10268 | |||
| 17 | http://bugzilla.maptools.org/show_bug.cgi?id=2598 | |||
| 18 | https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df | |||
| 19 | ||||
| 14 | --- tools/tiffcp.c.orig 2016-10-12 01:45:17.000000000 +0000 | 20 | --- tools/tiffcp.c.orig 2016-10-12 01:45:17.000000000 +0000 | |
| 15 | +++ tools/tiffcp.c | 21 | +++ tools/tiffcp.c | |
| 16 | @@ -592,7 +592,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF | 22 | @@ -592,7 +592,7 @@ static copyFunc pickCopyFunc(TIFF*, TIFF | |
| 17 | static int | 23 | static int | |
| 18 | tiffcp(TIFF* in, TIFF* out) | 24 | tiffcp(TIFF* in, TIFF* out) | |
| 19 | { | 25 | { | |
| 20 | - uint16 bitspersample, samplesperpixel = 1; | 26 | - uint16 bitspersample, samplesperpixel = 1; | |
| 21 | + uint16 bitspersample = 1, samplesperpixel = 1; | 27 | + uint16 bitspersample = 1, samplesperpixel = 1; | |
| 22 | uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; | 28 | uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK; | |
| 23 | copyFunc cf; | 29 | copyFunc cf; | |
| 24 | uint32 width, length; | 30 | uint32 width, length; | |
| 31 | @@ -985,7 +985,7 @@ DECLAREcpFunc(cpDecodedStrips) | |||
| 32 | tstrip_t s, ns = TIFFNumberOfStrips(in); | |||
| 33 | uint32 row = 0; | |||
| 34 | _TIFFmemset(buf, 0, stripsize); | |||
| 35 | - for (s = 0; s < ns; s++) { | |||
| 36 | + for (s = 0; s < ns && row < imagelength; s++) { | |||
| 37 | tsize_t cc = (row + rowsperstrip > imagelength) ? | |||
| 38 | TIFFVStripSize(in, imagelength - row) : stripsize; | |||
| 39 | if (TIFFReadEncodedStrip(in, s, buf, cc) < 0 | |||
| 25 | @@ -1068,6 +1068,16 @@ DECLAREcpFunc(cpContig2SeparateByRow) | 40 | @@ -1068,6 +1068,16 @@ DECLAREcpFunc(cpContig2SeparateByRow) | |
| 26 | register uint32 n; | 41 | register uint32 n; | |
| 27 | uint32 row; | 42 | uint32 row; | |
| 28 | tsample_t s; | 43 | tsample_t s; | |
| 29 | + uint16 bps = 0; | 44 | + uint16 bps = 0; | |
| 30 | + | 45 | + | |
| 31 | + (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); | 46 | + (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps); | |
| 32 | + if( bps != 8 ) | 47 | + if( bps != 8 ) | |
| 33 | + { | 48 | + { | |
| 34 | + TIFFError(TIFFFileName(in), | 49 | + TIFFError(TIFFFileName(in), | |
| 35 | + "Error, can only handle BitsPerSample=8 in %s", | 50 | + "Error, can only handle BitsPerSample=8 in %s", | |
| 36 | + "cpContig2SeparateByRow"); | 51 | + "cpContig2SeparateByRow"); | |
| 37 | + return 0; | 52 | + return 0; |